TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

souleater · 13.06.2010, 10:30

Seit einiger Zeit hab ich immer die Fehlermeldung das die Datei

C:\Windows\System32\drivers\taunpo.sys

in meinem PC infiziert ist mit dem trjonaischen Pferd TR/Rootkin.gen

Ich habe die ANleitung befolgt und poste denn mal alle Reports

Zitat:

Zitat von Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4192

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.06.2010 11:00:19
mbam-log-2010-06-13 (11-00-19).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129006
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\windows\system32\Drivers\taunpo.sys (Trojan.Rootkit) -> Quarantined and deleted successfully.

[QUOTE=OTL]OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 6/13/2010 11:03:03 AM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 149.09 Gb Free Space | 75.19% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 391.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\WTouch\WTouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\WTSrv.exe (Tablet Driver)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai\rswin_3697.dll ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (WinTabService) -- C:\windows\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (Tablet2k) -- C:\Windows\System32\Tablet2k.cat ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (UCTblHid) -- C:\Windows\System32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (TClass2k) -- C:\Windows\System32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\Windows\System32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (PTSimBus) -- C:\Windows\System32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ***://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ***=127.0.0.1:6860
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 20:39:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 20:39:01 | 000,000,000 | ---D | M]
 
[2009/12/08 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/06/12 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions
[2010/04/11 10:24:15 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/04/26 20:15:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/08 07:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\illimitux@illimitux.net
[2010/04/26 20:15:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k1wx1ksh.default\extensions\personas@christopher.beard
[2010/03/18 22:29:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/03/14 23:24:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/03/14 23:24:50 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/03/14 23:24:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/03/14 23:24:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/03/14 23:24:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WTClient] C:\windows\System32\WTClient.exe (Tablet Driver)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ***://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/11/25 15:05:10 | 000,000,046 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15596053-cdae-11de-b148-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe -- [2009/11/03 22:36:04 | 000,509,034 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/13 10:44:22 | 003,387,040 | ---- | C] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup232.exe
[2010/06/13 10:33:23 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/11 19:43:18 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\lowsec
[2010/06/11 13:24:16 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/06/11 13:24:15 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010/06/11 13:24:11 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/06/11 13:24:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/06/11 13:24:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/06/11 13:24:10 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/06/11 13:23:56 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/06/11 13:23:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/06/09 19:42:11 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\windows\System32\SAVRKBootTasks.sys
[2010/06/08 21:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010/06/08 21:00:19 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\System32\GEARAspi.dll
[2010/06/08 20:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/08 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/06 21:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/06/06 21:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/06/06 21:39:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/06/01 20:40:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTablet
[2010/06/01 20:40:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WTouch
[2010/06/01 20:40:31 | 000,245,032 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Touch_Tablet.dll
[2010/06/01 20:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/06/01 20:40:06 | 006,393,640 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\PenTablet.cpl
[2010/06/01 20:39:41 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacommousefilter.sys
[2010/06/01 20:39:33 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacomvhid.sys
[2010/06/01 20:39:29 | 000,000,000 | ---D | C] -- C:\windows\System32\WTablet
[2010/06/01 20:39:25 | 004,497,704 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Pen_Tablet.exe
[2010/06/01 20:39:25 | 000,416,040 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Pen_Tablet.dll
[2010/06/01 20:39:25 | 000,284,160 | ---- | C] (Wacom Technology, Corp.) -- C:\windows\System32\Wintab32.dll
[2010/06/01 20:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/05/31 19:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/05/31 19:20:12 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\windows\System32\drivers\wacmoumonitor.sys
[2010/05/30 19:04:17 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Wiederhergestellt
[2010/05/30 13:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2010/05/30 12:58:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2010/05/30 12:14:49 | 000,261,120 | ---- | C] (InstallShield Corporation, Inc.) -- C:\windows\UN160407.EXE
[2010/05/30 12:14:49 | 000,026,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System\CTL3D.DLL
[2010/05/26 21:03:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/05/25 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\***\Neuer Ordner (2)
[2010/05/25 12:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/05/24 22:27:06 | 000,578,456 | ---- | C] (Innovasys) -- C:\windows\System32\ExpBar1.ocx
[2010/05/24 22:27:06 | 000,458,752 | ---- | C] (Variad Corporation) -- C:\windows\System32\varOSButton.ocx
[2010/05/24 22:27:06 | 000,118,272 | ---- | C] (Crescent Division of Progress Software Corporation) -- C:\windows\System32\qpro32.dll
[2010/05/24 22:27:06 | 000,045,056 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctfile.ocx
[2010/05/24 22:27:06 | 000,012,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SCRRNDE.DLL
[2010/05/24 22:27:05 | 001,846,784 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\crpe32.dll
[2010/05/24 22:27:05 | 001,007,616 | ---- | C] (ProWorks Corp.) -- C:\windows\System32\FlpGrf.ocx
[2010/05/24 22:27:05 | 000,823,784 | ---- | C] (APEX Software Corporation) -- C:\windows\System32\TDBG6.OCX
[2010/05/24 22:27:05 | 000,250,336 | ---- | C] (Apex Software Corporation) -- C:\windows\System32\TDBGPP.DLL
[2010/05/24 22:27:05 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSFLXGRD.OCX
[2010/05/24 22:27:05 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTL32.OCX
[2010/05/24 22:27:05 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RICHTX32.OCX
[2010/05/24 22:27:05 | 000,187,664 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\crystl32.ocx
[2010/05/24 22:27:05 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\COMDLG32.OCX
[2010/05/24 22:27:05 | 000,126,976 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctmonth.ocx
[2010/05/24 22:27:05 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB6DE.DLL
[2010/05/24 22:27:05 | 000,110,080 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\windows\System32\cscomb32.ocx
[2010/05/24 22:27:05 | 000,098,304 | ---- | C] (dbi Technologies Inc.) -- C:\windows\System32\ctdedit.ocx
[2010/05/24 22:27:05 | 000,094,208 | ---- | C] (Personal) -- C:\windows\System32\ColorPicker.ocx
[2010/05/24 22:27:05 | 000,090,112 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctdate.ocx
[2010/05/24 22:27:05 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\VB5DB.DLL
[2010/05/24 22:27:05 | 000,079,872 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2bdao.dll
[2010/05/24 22:27:05 | 000,079,872 | ---- | C] (Crescent Division of Progress Software Corporation.) -- C:\windows\System32\csspin32.ocx
[2010/05/24 22:27:05 | 000,077,824 | ---- | C] (DBI Technologies Inc.) -- C:\windows\System32\ctimage.ocx
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] (Gamesman Inc.) -- C:\windows\System32\ctmeter.ocx
[2010/05/24 22:27:05 | 000,050,688 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2irdao.dll
[2010/05/24 22:27:05 | 000,036,352 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\windows\System32\p2ctdao.dll
[2010/05/24 22:27:05 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RCHTXDE.DLL
[2010/05/24 22:27:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CMDLGDE.DLL
[2010/05/24 22:27:05 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TABCTDE.DLL
[2010/05/24 22:27:05 | 000,018,944 | ---- | C] ( ) -- C:\windows\System32\implode.dll
[2010/05/24 22:27:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\STDFTDE.DLL
[2010/05/23 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010/05/23 12:25:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/05/23 12:25:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/05/23 12:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/23 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010/05/23 11:52:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2010/05/23 11:52:53 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2010/05/23 11:52:53 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntdd.sys
[2010/05/23 11:52:53 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\windows\System32\drivers\avgntmgr.sys
[2010/05/23 11:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/05/23 11:13:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\dbhhjefoq
[2010/05/22 23:06:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KaLoMa
[2010/05/16 12:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/06/13 11:05:19 | 000,823,808 | ---- | M] () -- C:\windows\System32\drivers\taunpo.sys
[2010/06/13 11:01:56 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/13 11:01:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/13 11:01:47 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/13 11:01:06 | 002,097,152 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010/06/13 11:01:05 | 005,463,956 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010/06/13 10:52:59 | 000,000,206 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105244.reg
[2010/06/13 10:51:34 | 000,000,312 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105130.reg
[2010/06/13 10:50:36 | 000,003,436 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_105030.reg
[2010/06/13 10:49:48 | 000,180,572 | ---- | M] () -- C:\Users\***\Desktop\cc_20100613_104918.reg
[2010/06/13 10:45:26 | 002,281,378 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/06/13 10:45:26 | 001,129,130 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/13 10:45:26 | 000,654,470 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/06/13 10:45:26 | 000,575,778 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/13 10:45:26 | 000,004,762 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/13 10:45:17 | 000,001,945 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/13 10:33:25 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010/06/13 10:29:48 | 003,387,040 | ---- | M] (Piriform Ltd) -- C:\Users\***\Desktop\ccsetup232.exe
[2010/06/13 10:21:04 | 000,231,390 | ---- | M] () -- C:\Users\***\Desktop\RootkitRevealer.zip
[2010/06/13 09:19:59 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/13 09:19:59 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/11 22:41:53 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/11 20:04:57 | 003,791,192 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/08 21:06:24 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm.lnk
[2010/06/08 21:00:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/06 21:55:52 | 000,113,416 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/06 21:43:16 | 000,001,389 | ---- | M] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk
[2010/05/30 18:20:45 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/30 12:58:15 | 000,000,008 | RHS- | M] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/05/27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/05/25 13:54:54 | 000,000,145 | --S- | M] () -- C:\Users\***\AppData\Local\1714199777.dat
[2010/05/25 13:53:34 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\ovczpx.dat
[2010/05/23 12:25:28 | 000,001,116 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 11:53:00 | 000,002,012 | ---- | M] () -- C:\Users\***\Desktop\Avira AntiVir Control Center.lnk
[2010/05/23 11:21:25 | 000,003,321 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest
[2010/05/23 11:13:47 | 000,000,013 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922C.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922S.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | M] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922O.manifest
[2010/05/21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/06/13 10:52:47 | 000,000,206 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105244.reg
[2010/06/13 10:51:32 | 000,000,312 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105130.reg
[2010/06/13 10:50:33 | 000,003,436 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_105030.reg
[2010/06/13 10:49:29 | 000,180,572 | ---- | C] () -- C:\Users\***\Desktop\cc_20100613_104918.reg
[2010/06/13 10:41:27 | 000,231,390 | ---- | C] () -- C:\Users\***\Desktop\RootkitRevealer.zip
[2010/06/08 21:06:24 | 000,001,043 | ---- | C] () -- C:\Users\***\Desktop\Last.fm.lnk
[2010/06/08 21:00:26 | 000,002,429 | ---- | C] () -- C:\Users\***\Desktop\iTunes.lnk
[2010/06/06 22:31:24 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/06/06 21:43:16 | 000,001,389 | ---- | C] () -- C:\Users\***\Desktop\Adobe Photoshop CS5.lnk
[2010/06/01 20:46:54 | 000,000,488 | ---- | C] () -- C:\windows\System32\TouchTabletUserDefaults.xml
[2010/06/01 20:46:54 | 000,000,488 | ---- | C] () -- C:\windows\System32\PenTabletUserDefaults.xml
[2010/06/01 20:40:06 | 001,595,175 | ---- | C] () -- C:\windows\System32\PenTablet.znc
[2010/05/30 12:58:15 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/30 12:58:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C96FFE052E.sys
[2010/05/25 13:53:35 | 000,000,145 | --S- | C] () -- C:\Users\***\AppData\Local\1714199777.dat
[2010/05/25 13:53:34 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\ovczpx.dat
[2010/05/24 22:27:05 | 000,748,160 | ---- | C] () -- C:\windows\System32\CO2C40EN.DLL
[2010/05/24 22:27:05 | 000,153,761 | ---- | C] () -- C:\windows\System32\u2frtf.dll
[2010/05/24 22:27:05 | 000,124,256 | ---- | C] () -- C:\windows\System32\u2dmapi.dll
[2010/05/24 22:27:05 | 000,109,568 | ---- | C] () -- C:\windows\System32\u2fhtml.dll
[2010/05/24 22:27:05 | 000,097,489 | ---- | C] () -- C:\windows\System32\u2fcr.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fxls.dll
[2010/05/24 22:27:05 | 000,069,632 | ---- | C] () -- C:\windows\System32\u2fwordw.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fwks.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2ftext.dll
[2010/05/24 22:27:05 | 000,053,248 | ---- | C] () -- C:\windows\System32\u2fsepv.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2frec.dll
[2010/05/24 22:27:05 | 000,049,152 | ---- | C] () -- C:\windows\System32\u2fdif.dll
[2010/05/24 22:27:05 | 000,045,056 | ---- | C] () -- C:\windows\System32\u2ddisk.dll
[2010/05/23 12:25:28 | 000,001,116 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/23 11:53:00 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/05/23 11:14:54 | 000,823,808 | ---- | C] () -- C:\windows\System32\drivers\taunpo.sys
[2010/05/23 11:13:47 | 000,003,321 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922P.manifest
[2010/05/23 11:13:47 | 000,000,013 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922C.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922S.manifest
[2010/05/23 11:13:47 | 000,000,011 | -HS- | C] () -- C:\Users\***\AppData\Roaming\02000000d971e13d922O.manifest
[2009/12/26 22:36:22 | 000,000,248 | ---- | C] () -- C:\windows\Tablet8000x6000M.ini
[2009/12/26 22:23:07 | 000,010,240 | ---- | C] () -- C:\windows\System32\ucinst32.dll
[2009/12/07 21:08:01 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/22 07:21:26 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010/04/21 20:47:34 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2009/12/10 19:12:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010/05/29 22:28:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ezaloz
[2010/04/21 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2010/02/02 16:23:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Go Go Gourmet
[2010/02/19 21:38:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hdbADS
[2010/05/22 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KaLoMa
[2010/06/11 20:05:54 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\lowsec
[2010/04/19 23:17:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAXON
[2010/01/10 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2010/05/29 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ogcit
[2010/02/07 15:31:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010/02/20 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development
[2010/06/01 20:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WTouch
[2010/05/15 09:46:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2010/04/23 10:35:24 | 000,035,922 | ---- | M] ()(C:\Users\***\Documents\Letter Bee ?.rtf) -- C:\Users\***\Documents\Letter Bee ♥.rtf
[2010/01/24 16:54:12 | 000,035,922 | ---- | C] ()(C:\Users\***\Documents\Letter Bee ?.rtf) -- C:\Users\***\Documents\Letter Bee ♥.rtf
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
< End of report >

--- --- ---

[QUOTE=Extras]OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 6/13/2010 11:03:03 AM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 198.29 Gb Total Space | 149.09 Gb Free Space | 75.19% Space Free | Partition Type: NTFS
Drive D: | 252.37 Gb Total Space | 252.28 Gb Free Space | 99.96% Space Free | Partition Type: NTFS
Drive E: | 391.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 7.45 Gb Total Space | 7.44 Gb Free Space | 99.88% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Users\***\Documents\Installieren\ADOBE Photoshop CS5 2\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller  Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{938DB54D-B302-4594-A782-32219F1734AB}" = Canon Camera WIA Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Defraggler" = Defraggler
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOM Player" = GOM Player
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{938DB54D-B302-4594-A782-32219F1734AB}" = Canon PowerShot S45 WIA-Treiber
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Pen Tablet Driver" = Bamboo
"PROHYBRIDR" = 2007 Microsoft Office system
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrainingsplanV3.0_is1" = Trainingsplan V3.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/8/2010 3:55:21 PM | Computer Name = ***-*** | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 200: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 336: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 196: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/9/2010 5:07:34 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/10/2010 5:33:39 PM | Computer Name = ***-*** | Source = TabletServicePen | ID = 0
Description = 
 
Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 452: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 6/10/2010 6:04:43 PM | Computer Name = ***-*** | Source = Bonjour Service | ID = 100
Description = 476: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 5/21/2010 12:47:07 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/22/2010 4:34:13 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 4:36:15 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 5:14:54 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "1394 OHCI Compliant Host Controller" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%31
 
Error - 5/23/2010 5:53:12 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 5/23/2010 6:39:19 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 6:10:55 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/23/2010 7:26:38 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/24/2010 6:28:56 AM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 5/24/2010 1:25:07 PM | Computer Name = ***-*** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "adfs" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >

--- --- ---

markusg · 13.06.2010, 10:36

Download den avenger und füge das folgende script wie beschrieben ein:
Avenger

Drivers to disable:
taunpo
Drivers to delete:
taunpo
Files to delete:
C:\windows\System32\drivers\taunpo.sys

Führe das script wie beschrieben aus, poste das log.

souleater · 13.06.2010, 14:05

Also ich versteh das nicht so ganz wie du dass meinst mit Scripts ausführen?
Ich bin jetzt einfach mal unter Start > Alle Programme > Zubehör > Ausführen... und dann hab ich halt C:\ ...... eingegeben, und dann kam nur eine Fehlermeldung das ich die Datei nicht öffnen kann?

markusg · 13.06.2010, 14:12

ne du sollst schon den avenger runter laden und dort das script reinkopieren und zwar nach der anleitung, die ich verlinkt habe.
und dann das script ausführen

souleater · 13.06.2010, 14:43

ah hab den link gar nicht gesehen, aber hier der report

Zitat:

Logfile of The Avenger Version 2.0, (c) by Swandog46
hxxp://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "taunpo" disabled successfully.
Driver "taunpo" deleted successfully.
File "C:\windows\System32\drivers\taunpo.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

markusg · 13.06.2010, 14:46

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

souleater · 13.06.2010, 17:09

hier ist der log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-06-12.04 - *** 13.06.2010  17:56:03.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2042 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\FullRemove.exe
c:\users\***\AppData\Roaming\.#
c:\users\***\AppData\Roaming\02000000d971e13d922C.manifest
c:\users\***\AppData\Roaming\02000000d971e13d922O.manifest
c:\users\***\AppData\Roaming\02000000d971e13d922P.manifest
c:\users\***\AppData\Roaming\02000000d971e13d922S.manifest
c:\windows\SEC
c:\windows\SEC\172100logo.bmp
c:\windows\SEC\banner.png
c:\windows\SEC\Computer.png
c:\windows\SEC\Media _S_ Logo.png
c:\windows\SEC\Samsung.png
c:\windows\SEC\Samsung2.png
c:\windows\SEC\SamsungLogo.png
c:\windows\SEC\Thumbs.db
c:\windows\SEC\Wallpapers\Thumbs.db
c:\windows\SEC\Wallpapers\wallpaper.jpg
c:\windows\SEC\Wallpapers\wallpaper1.jpg
c:\windows\SEC\Wallpapers\Wallpaper2.jpg

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-13 bis 2010-06-13  ))))))))))))))))))))))))))))))
.

2010-06-13 11:56 . 2010-06-13 12:08	--------	d-----w-	c:\users\***\AppData\Roaming\Mp3tag
2010-06-11 17:43 . 2010-06-11 18:05	--------	d-sh--w-	c:\users\***\AppData\Roaming\lowsec
2010-06-11 11:24 . 2010-05-01 14:49	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-06-11 11:24 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-06-11 11:24 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-06-11 11:23 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-11 11:23 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-06-09 17:42 . 2009-06-18 10:55	18816	------w-	c:\windows\system32\SAVRKBootTasks.sys
2010-06-08 19:08 . 2010-06-08 19:08	683801	----a-w-	c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-06-08 19:08 . 2010-06-08 19:08	54	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-08 19:08 . 2010-06-08 19:08	--------	d-----w-	c:\programdata\Last.fm
2010-06-08 19:00 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-08 19:00 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-06-08 18:59 . 2010-06-08 18:59	--------	d-----w-	c:\program files\iPod
2010-06-08 18:58 . 2010-06-08 18:58	--------	d-----w-	c:\program files\Apple Software Update
2010-06-06 19:46 . 2010-06-06 19:57	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-06-06 19:40 . 2010-06-06 19:40	--------	d-----w-	c:\program files\Adobe Media Player
2010-06-06 19:39 . 2010-06-06 19:39	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\***.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-06 19:39 . 2010-06-06 19:39	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-06-04 10:29 . 2010-06-04 10:29	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-01 18:40 . 2010-06-13 13:41	--------	d-----w-	c:\users\***\AppData\Roaming\WTablet
2010-06-01 18:40 . 2010-06-01 18:40	--------	d-----w-	c:\users\***\AppData\Roaming\WTouch
2010-06-01 18:40 . 2009-11-23 23:53	245032	------w-	c:\windows\system32\Touch_Tablet.dll
2010-06-01 18:40 . 2010-06-01 18:48	--------	d-----w-	c:\program files\WTouch
2010-06-01 18:39 . 2007-02-16 08:12	11312	----a-w-	c:\windows\system32\drivers\wacommousefilter.sys
2010-06-01 18:39 . 2009-05-20 09:54	13736	----a-w-	c:\windows\system32\drivers\wacomvhid.sys
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\windows\system32\WTablet
2010-06-01 18:39 . 2009-11-23 23:53	4497704	------w-	c:\windows\system32\Pen_Tablet.exe
2010-06-01 18:39 . 2009-11-23 23:53	416040	----a-w-	c:\windows\system32\Pen_Tablet.dll
2010-06-01 18:39 . 2009-11-23 10:16	284160	----a-w-	c:\windows\system32\Wintab32.dll
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\program files\Tablet
2010-05-31 17:22 . 2010-05-31 17:22	--------	d-----w-	c:\program files\TabletPlugins
2010-05-31 17:20 . 2009-08-27 22:06	16168	----a-w-	c:\windows\system32\drivers\wacmoumonitor.sys
2010-05-30 11:55 . 2010-05-30 17:06	--------	d-----w-	c:\programdata\Corel
2010-05-30 10:58 . 2010-05-30 16:20	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-05-30 10:58 . 2010-05-30 10:58	8	--sh--r-	c:\programdata\C96FFE052E.sys
2010-05-30 10:58 . 2010-05-30 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\Corel
2010-05-30 10:14 . 1998-11-23 10:53	261120	----a-w-	c:\windows\UN160407.EXE
2010-05-30 10:14 . 1998-11-23 10:53	26768	----a-w-	c:\windows\system\CTL3D.DLL
2010-05-26 19:03 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-25 17:24 . 2010-06-13 08:18	--------	d-----w-	c:\users\***\Neuer Ordner (2)
2010-05-25 11:53 . 2010-05-25 11:54	145	--s-a-w-	c:\users\***\AppData\Local\1714199777.dat
2010-05-25 10:07 . 2010-05-25 10:07	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-23 10:26 . 2010-05-23 10:26	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 10:25 . 2010-05-23 10:25	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-23 09:53 . 2010-05-23 09:53	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2010-05-23 09:52 . 2010-05-23 09:52	--------	d-----w-	c:\programdata\Avira
2010-05-23 09:52 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-05-23 09:52 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-05-23 09:52 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-05-23 09:13 . 2010-05-23 10:37	--------	d-----w-	c:\users\***\AppData\Local\dbhhjefoq
2010-05-22 21:06 . 2010-05-22 21:06	--------	d-----w-	c:\users\***\AppData\Roaming\KaLoMa
2010-05-16 10:34 . 2010-05-16 10:35	--------	d-----w-	c:\program files\Bonjour

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 15:41 . 2009-12-08 19:09	--------	d-----w-	c:\program files\Common Files\Akamai
2010-06-13 10:13 . 2009-12-08 19:25	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-13 09:25 . 2010-02-07 13:32	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 08:45 . 2009-09-22 22:05	654470	----a-w-	c:\windows\system32\perfc007.dat
2010-06-13 08:45 . 2009-09-22 22:05	2281378	----a-w-	c:\windows\system32\perfh007.dat
2010-06-11 18:02 . 2009-12-07 18:52	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-08 18:59 . 2009-12-08 19:21	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-06 19:55 . 2009-12-07 18:57	113416	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-06 19:41 . 2009-12-07 18:46	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-04 17:49 . 2009-12-07 19:07	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-30 10:14 . 2010-05-30 10:14	0	----a-w-	c:\windows\VDM6D0A.tmp
2010-05-29 20:28 . 2010-02-19 06:53	--------	d-----w-	c:\users\***\AppData\Roaming\Ezaloz
2010-05-29 20:05 . 2010-04-10 07:49	--------	d-----w-	c:\users\***\AppData\Roaming\Ogcit
2010-05-25 11:53 . 2010-05-25 11:53	4	----a-w-	c:\users\***\AppData\Roaming\ovczpx.dat
2010-05-23 09:40 . 2010-04-25 18:15	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-23 09:40 . 2010-04-25 18:09	--------	d-----w-	c:\programdata\DivX
2010-05-23 09:40 . 2010-04-25 18:10	--------	d-----w-	c:\program files\DivX
2010-05-23 09:40 . 2010-02-14 11:59	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-05-13 18:09 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-23 18:34	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-09 09:13 . 2010-01-05 16:57	20	---h--w-	c:\programdata\PKP_DLdu.DAT
2010-05-08 21:02 . 2010-04-25 18:28	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-04-30 20:19 . 2010-04-30 20:16	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-04-28 13:45 . 2010-04-28 13:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 18:08 . 2010-04-25 18:13	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-22 08:00 . 2009-09-22 05:29	--------	d-----w-	c:\programdata\McAfee
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\users\***\AppData\Roaming\GameConsole
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-04-20 07:09 . 2010-04-20 06:58	--------	d-----w-	c:\program files\Autodesk
2010-04-19 21:17 . 2010-04-19 17:26	--------	d-----w-	c:\users\***\AppData\Roaming\MAXON
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-03-18 20:29 . 2010-03-18 20:29	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WTClient"="WTClient.exe" [2009-08-20 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
" Malwarebytes Anti-Malware  (reboot)"="c:\users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\users\***\Documents\Installieren\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 13:06	485208	----a-w-	c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\65B4.tmp [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6860
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k1wx1ksh.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\Documents\Installieren\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\65B4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-06-13  18:05:23
ComboFix-quarantined-files.txt  2010-06-13 16:05

Vor Suchlauf: 7 Verzeichnis(se), 157.600.002.048 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 157.283.651.584 Bytes frei

- - End Of File - - C901F381585E871D7946F4C6E4D8D3BF[/QUOTE]

--- --- ---

markusg · 13.06.2010, 17:28

Klicke:
start, programme, zubehör, editor.
kopiere rein:

Folder::
c:\users\***\AppData\Roaming\lowsec
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6860

Datei speichern unter, typ, alle, name
cfscript.txt
speicherort, dort wo sich combofix.exe befindet. ziehe cfscript auf combofix, programm startet, log posten.

souleater · 13.06.2010, 17:59

hier nochmal ein weiterer Log

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-06-12.04 - *** 13.06.2010  18:47:45.2.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3037.2041 [GMT 2:00]
ausgeführt von:: c:\users\***\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Downloads\cfscript.txt
.

(((((((((((((((((((((((   Dateien erstellt von 2010-05-13 bis 2010-06-13  ))))))))))))))))))))))))))))))
.

2010-06-13 16:53 . 2010-06-13 16:53	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-06-13 16:53 . 2010-06-13 16:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-13 16:05 . 2010-06-13 16:53	--------	d-----w-	c:\users\***\AppData\Local\temp
2010-06-13 11:56 . 2010-06-13 12:08	--------	d-----w-	c:\users\***\AppData\Roaming\Mp3tag
2010-06-11 17:43 . 2010-06-11 18:05	--------	d-sh--w-	c:\users\***\AppData\Roaming\lowsec
2010-06-11 11:24 . 2010-05-01 14:49	2326528	----a-w-	c:\windows\system32\win32k.sys
2010-06-11 11:24 . 2010-03-05 07:42	67584	----a-w-	c:\windows\system32\asycfilt.dll
2010-06-11 11:24 . 2010-05-21 05:18	977920	----a-w-	c:\windows\system32\wininet.dll
2010-06-11 11:23 . 2010-05-27 07:24	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-06-11 11:23 . 2010-05-27 03:49	293888	----a-w-	c:\windows\system32\atmfd.dll
2010-06-09 17:42 . 2009-06-18 10:55	18816	------w-	c:\windows\system32\SAVRKBootTasks.sys
2010-06-08 19:08 . 2010-06-08 19:08	683801	----a-w-	c:\programdata\Last.fm\Client\UninstITW\unins000.exe
2010-06-08 19:08 . 2010-06-08 19:08	54	----a-w-	c:\programdata\Last.fm\Client\uninst2.bat
2010-06-08 19:08 . 2010-06-08 19:08	--------	d-----w-	c:\programdata\Last.fm
2010-06-08 19:00 . 2009-05-18 11:17	26600	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2010-06-08 19:00 . 2008-04-17 10:12	107368	----a-w-	c:\windows\system32\GEARAspi.dll
2010-06-08 18:59 . 2010-06-08 18:59	--------	d-----w-	c:\program files\iPod
2010-06-08 18:58 . 2010-06-08 18:58	--------	d-----w-	c:\program files\Apple Software Update
2010-06-06 19:46 . 2010-06-06 19:57	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2010-06-06 19:40 . 2010-06-06 19:40	--------	d-----w-	c:\program files\Adobe Media Player
2010-06-06 19:39 . 2010-06-06 19:39	38784	----a-w-	c:\users\Default\AppData\Roaming\Macromedia\Flash Player\***.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-06 19:39 . 2010-06-06 19:39	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-06-04 10:29 . 2010-06-04 10:29	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-01 18:40 . 2010-06-13 13:41	--------	d-----w-	c:\users\***\AppData\Roaming\WTablet
2010-06-01 18:40 . 2010-06-01 18:40	--------	d-----w-	c:\users\***\AppData\Roaming\WTouch
2010-06-01 18:40 . 2009-11-23 23:53	245032	------w-	c:\windows\system32\Touch_Tablet.dll
2010-06-01 18:40 . 2010-06-01 18:48	--------	d-----w-	c:\program files\WTouch
2010-06-01 18:39 . 2007-02-16 08:12	11312	----a-w-	c:\windows\system32\drivers\wacommousefilter.sys
2010-06-01 18:39 . 2009-05-20 09:54	13736	----a-w-	c:\windows\system32\drivers\wacomvhid.sys
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\windows\system32\WTablet
2010-06-01 18:39 . 2009-11-23 23:53	4497704	------w-	c:\windows\system32\Pen_Tablet.exe
2010-06-01 18:39 . 2009-11-23 23:53	416040	----a-w-	c:\windows\system32\Pen_Tablet.dll
2010-06-01 18:39 . 2009-11-23 10:16	284160	----a-w-	c:\windows\system32\Wintab32.dll
2010-06-01 18:39 . 2010-06-01 18:47	--------	d-----w-	c:\program files\Tablet
2010-05-31 17:22 . 2010-05-31 17:22	--------	d-----w-	c:\program files\TabletPlugins
2010-05-31 17:20 . 2009-08-27 22:06	16168	----a-w-	c:\windows\system32\drivers\wacmoumonitor.sys
2010-05-30 11:55 . 2010-05-30 17:06	--------	d-----w-	c:\programdata\Corel
2010-05-30 10:58 . 2010-05-30 16:20	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-05-30 10:58 . 2010-05-30 10:58	8	--sh--r-	c:\programdata\C96FFE052E.sys
2010-05-30 10:58 . 2010-05-30 10:58	--------	d-----w-	c:\users\***\AppData\Roaming\Corel
2010-05-30 10:14 . 1998-11-23 10:53	261120	----a-w-	c:\windows\UN160407.EXE
2010-05-30 10:14 . 1998-11-23 10:53	26768	----a-w-	c:\windows\system\CTL3D.DLL
2010-05-26 19:03 . 2010-04-23 07:13	2048	----a-w-	c:\windows\system32\tzres.dll
2010-05-25 17:24 . 2010-06-13 08:18	--------	d-----w-	c:\users\***\Neuer Ordner (2)
2010-05-25 11:53 . 2010-05-25 11:54	145	--s-a-w-	c:\users\***\AppData\Local\1714199777.dat
2010-05-25 10:07 . 2010-05-25 10:07	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-23 10:26 . 2010-05-23 10:26	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 10:25 . 2010-05-23 10:25	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-23 10:25 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-23 09:53 . 2010-05-23 09:53	--------	d-----w-	c:\users\***\AppData\Roaming\Avira
2010-05-23 09:52 . 2010-05-23 09:52	--------	d-----w-	c:\programdata\Avira
2010-05-23 09:52 . 2010-03-01 08:05	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-05-23 09:52 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-05-23 09:52 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-05-23 09:13 . 2010-05-23 10:37	--------	d-----w-	c:\users\***\AppData\Local\dbhhjefoq
2010-05-22 21:06 . 2010-05-22 21:06	--------	d-----w-	c:\users\***\AppData\Roaming\KaLoMa
2010-05-16 10:34 . 2010-05-16 10:35	--------	d-----w-	c:\program files\Bonjour

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-13 16:41 . 2009-12-08 19:09	--------	d-----w-	c:\program files\Common Files\Akamai
2010-06-13 16:06 . 2010-02-07 13:32	1	----a-w-	c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-13 10:13 . 2009-12-08 19:25	--------	d-----w-	c:\users\***\AppData\Roaming\Apple Computer
2010-06-13 08:45 . 2009-09-22 22:05	654470	----a-w-	c:\windows\system32\perfc007.dat
2010-06-13 08:45 . 2009-09-22 22:05	2281378	----a-w-	c:\windows\system32\perfh007.dat
2010-06-11 18:02 . 2009-12-07 18:52	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-08 18:59 . 2009-12-08 19:21	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-06 19:55 . 2009-12-07 18:57	113416	----a-w-	c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-06 19:41 . 2009-12-07 18:46	--------	d-----w-	c:\program files\Common Files\Adobe
2010-06-04 17:49 . 2009-12-07 19:07	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-05-30 10:14 . 2010-05-30 10:14	0	----a-w-	c:\windows\VDM6D0A.tmp
2010-05-29 20:28 . 2010-02-19 06:53	--------	d-----w-	c:\users\***\AppData\Roaming\Ezaloz
2010-05-29 20:05 . 2010-04-10 07:49	--------	d-----w-	c:\users\***\AppData\Roaming\Ogcit
2010-05-25 11:53 . 2010-05-25 11:53	4	----a-w-	c:\users\***\AppData\Roaming\ovczpx.dat
2010-05-23 09:40 . 2010-04-25 18:15	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-23 09:40 . 2010-04-25 18:09	--------	d-----w-	c:\programdata\DivX
2010-05-23 09:40 . 2010-04-25 18:10	--------	d-----w-	c:\program files\DivX
2010-05-23 09:40 . 2010-02-14 11:59	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-05-13 18:09 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-12 09:21 . 2010-04-23 18:34	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-09 09:13 . 2010-01-05 16:57	20	---h--w-	c:\programdata\PKP_DLdu.DAT
2010-05-08 21:02 . 2010-04-25 18:28	--------	d-----w-	c:\users\***\AppData\Roaming\DivX
2010-04-30 20:19 . 2010-04-30 20:16	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-04-28 13:45 . 2010-04-28 13:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-25 18:08 . 2010-04-25 18:13	1180952	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-04-22 08:00 . 2009-09-22 05:29	--------	d-----w-	c:\programdata\McAfee
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\users\***\AppData\Roaming\GameConsole
2010-04-21 18:47 . 2010-04-21 18:47	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-04-20 07:09 . 2010-04-20 06:58	--------	d-----w-	c:\program files\Autodesk
2010-04-19 21:17 . 2010-04-19 17:26	--------	d-----w-	c:\users\***\AppData\Roaming\MAXON
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-03-18 20:29 . 2010-03-18 20:29	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-31 13797992]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WTClient"="WTClient.exe" [2009-08-20 32768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
" Malwarebytes Anti-Malware  (reboot)"="c:\users\***\Documents\Installieren\MBAM\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"iTunesHelper"="c:\users\***\Documents\Installieren\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10	35696	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2008-09-30 13:06	485208	----a-w-	c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\65B4.tmp [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-22 14504]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-06-18 18816]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-11-23 4497704]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-23 113448]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://***.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearchURL,(Default) = hxxp://de.search.yahoo.com/search?fr=mcafee&p=%s
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k1wx1ksh.default\
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\***\Documents\Installieren\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\65B4.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-06-13  18:56:20
ComboFix-quarantined-files.txt  2010-06-13 16:56
ComboFix2.txt  2010-06-13 16:05

Vor Suchlauf: 10 Verzeichnis(se), 157.335.838.720 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 157.278.232.576 Bytes frei

- - End Of File - - 4859C13B12654DE676F8ED916AB04F54[/QUOTE]

--- --- ---

markusg · 13.06.2010, 18:13

ich hoffe du hast *** im cfscript durch deinen namen ersetzt :-)
avira

avira so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.

souleater · 13.06.2010, 19:26

jaa ich ersetz den namen immer durhc die sternen ^^

Zitat:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 13. Juni 2010 19:27

Es wird nach 2206493 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : ***-PC

Versionsinformationen:
BUILD.DAT : 10.0.0.567 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 17:15:42
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.2010 16:54:45
VBASE007.VDF : 7.10.7.219 2048 Bytes 02.06.2010 16:54:45
VBASE008.VDF : 7.10.7.220 2048 Bytes 02.06.2010 16:54:45
VBASE009.VDF : 7.10.7.221 2048 Bytes 02.06.2010 16:54:45
VBASE010.VDF : 7.10.7.222 2048 Bytes 02.06.2010 16:54:45
VBASE011.VDF : 7.10.7.223 2048 Bytes 02.06.2010 16:54:45
VBASE012.VDF : 7.10.7.224 2048 Bytes 02.06.2010 16:54:45
VBASE013.VDF : 7.10.8.37 270336 Bytes 10.06.2010 17:50:41
VBASE014.VDF : 7.10.8.38 2048 Bytes 10.06.2010 17:50:41
VBASE015.VDF : 7.10.8.39 2048 Bytes 10.06.2010 17:50:41
VBASE016.VDF : 7.10.8.40 2048 Bytes 10.06.2010 17:50:41
VBASE017.VDF : 7.10.8.41 2048 Bytes 10.06.2010 17:50:42
VBASE018.VDF : 7.10.8.42 2048 Bytes 10.06.2010 17:50:42
VBASE019.VDF : 7.10.8.43 2048 Bytes 10.06.2010 17:50:42
VBASE020.VDF : 7.10.8.44 2048 Bytes 10.06.2010 17:50:42
VBASE021.VDF : 7.10.8.45 2048 Bytes 10.06.2010 17:50:42
VBASE022.VDF : 7.10.8.46 2048 Bytes 10.06.2010 17:50:42
VBASE023.VDF : 7.10.8.47 2048 Bytes 10.06.2010 17:50:42
VBASE024.VDF : 7.10.8.48 2048 Bytes 10.06.2010 17:50:42
VBASE025.VDF : 7.10.8.49 2048 Bytes 10.06.2010 17:50:43
VBASE026.VDF : 7.10.8.50 2048 Bytes 10.06.2010 17:50:43
VBASE027.VDF : 7.10.8.51 2048 Bytes 10.06.2010 17:50:43
VBASE028.VDF : 7.10.8.52 2048 Bytes 10.06.2010 17:50:43
VBASE029.VDF : 7.10.8.53 2048 Bytes 10.06.2010 17:50:43
VBASE030.VDF : 7.10.8.54 2048 Bytes 10.06.2010 17:50:43
VBASE031.VDF : 7.10.8.62 55808 Bytes 11.06.2010 17:50:44
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 25.05.2010 17:16:03
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 08.06.2010 16:54:55
AESCN.DLL : 8.1.6.1 127347 Bytes 25.05.2010 17:16:01
AESBX.DLL : 8.1.3.1 254324 Bytes 25.05.2010 17:16:04
AERDL.DLL : 8.1.4.6 541043 Bytes 25.05.2010 17:16:01
AEPACK.DLL : 8.2.1.1 426358 Bytes 19.03.2010 11:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 25.05.2010 17:16:00
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 08.06.2010 16:54:54
AEHELP.DLL : 8.1.11.5 242038 Bytes 08.06.2010 16:54:50
AEGEN.DLL : 8.1.3.10 377205 Bytes 08.06.2010 16:54:50
AEEMU.DLL : 8.1.2.0 393588 Bytes 25.05.2010 17:15:55
AECORE.DLL : 8.1.15.3 192886 Bytes 25.05.2010 17:15:55
AEBB.DLL : 8.1.1.0 53618 Bytes 25.05.2010 17:15:54
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 10
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch

Beginn des Suchlaufs: Sonntag, 13. Juni 2010 19:27

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\explorer.exe
c:\Windows\explorer.exe
[HINWEIS] Der Prozess ist nicht sichtbar.
c:\windows\explorer.exe
c:\windows\explorer.exe
c:\windows\explorer.exe

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Safari.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LastFM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Pen_TabletUser.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1655' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Beginne mit der Suche in 'E:\' <Audio CD>

Ende des Suchlaufs: Sonntag, 13. Juni 2010 20:21
Benötigte Zeit: 54:01 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

19476 Verzeichnisse wurden überprüft
392476 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
392476 Dateien ohne Befall
2153 Archive wurden durchsucht
0 Warnungen
0 Hinweise
37722 Objekte wurden beim Rootkitscan durchsucht
4 Versteckte Objekte wurden gefunden

markusg · 17.06.2010, 11:23

sorry für die späte antwort, gabs noch probleme?

13.06.2010, 10:36	#2
markusg /// Malware-holic	$TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys - Standard$ TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys Download den avenger und füge das folgende script wie beschrieben ein: Avenger Drivers to disable: taunpo Drivers to delete: taunpo Files to delete: C:\windows\System32\drivers\taunpo.sys Führe das script wie beschrieben aus, poste das log. __________________

13.06.2010, 14:12	#4
markusg /// Malware-holic	$TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys - Standard$ TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys ne du sollst schon den avenger runter laden und dort das script reinkopieren und zwar nach der anleitung, die ich verlinkt habe. und dann das script ausführen

13.06.2010, 14:46	#6
markusg /// Malware-holic	$TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys - Standard$ TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

17.06.2010, 11:23	#12
markusg /// Malware-holic	$TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys - Standard$ TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys sorry für die späte antwort, gabs noch probleme?

TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys

Plagegeister aller Art und deren Bekämpfung: TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys